A “state-based cyber actor” has been launching “sophisticated” cyberattacks against Australian public and private sector institutions, the Australian government has revealed.
The cyberattacks have taken place over a period of several months and have been growing in intensity, Prime Minister Scott Morrison said during a press conference on Friday.
He said the cyberattacks spanned “government, industry, political organisations, education, health, essential service providers and operators of other critical infrastructure”.
Morrison declined to point the finger at a specific country behind the cyberattacks. However, cybersecurity experts say that only China, North Korea and Russia have both the capabilities and motive to carry out such attacks.
China has previously been connected to cyberattacks in Australia, but Morrison declined to answer a direct question about the country’s involvement.
China’s foreign ministry told ABC that the allegations are “baseless and nonsense”.
“What I can confirm is there are not a large number of state-based actors that can engage in this type of activity and it is clear, based on the advice that we have received, that this has been done by a state-based actor, with very significant capabilities,” said Morrison.
Australia cyberattacks: Why now?
One question that security experts have been asking is “why now?” State-backed cyberattacks take place daily, from low-level DDoS attacks to advanced zero-day exploits. Morrison did not identify a specific attack, and previous hacks have been identified without a similar announcement being made.
In 2019 Reuters revealed that Australian intelligence services determined China was behind a cyberattack on Australia’s national parliament.
“Hacking is a game of cat and mouse, and the mouse is getting bigger; it’s very motivated to embarrass democracies and it is usually well-funded,” said Sam Curry, chief security officer at security firm Cybereason.
“Because the Australian government is regularly under cyberattack, and these incidents rarely make headlines, the timing of Morrison’s announcement could spell an uptick and severity of the actions of a foreign state.”
Tim Wellsmore, a cybersecurity expert based in the Asia Pacific region at security firm FireEye, said the cyberattacks on Australia were “concerning but not surprising” and pointed to the current geopolitical tensions facing the country.
“From our experience, we know that state-sponsored cyber threat activity directly replicates geopolitical tensions so it would be plausible to assume this reported activity and announcement is connected,” he said.
Nick Savvides, director of strategic business at cybersecurity firm Forcepoint, said: “While Australia has significant capabilities in cybersecurity and an active cybersecurity community, unfortunately not all organisations are at the same level, with many organisations simply not having the right capabilities.
“We are also struggling with a skills shortage, with unfilled cybersecurity roles in every sector, that means many of the skills end up in the top end of town and large departments, leaving small and medium business and government agencies exposed.”
The Australian Cyber Security Centre has published an advisory for businesses on what they can do to stay secure in light of the attack.